Data Ethics

Personally Identifiable Information (PII) Defined: What is it and Why is it Important?

March 7, 2019  |   Lisa Rapp

For decades, companies have used data to create better experiences for their customers. But not all data is created equal. Among the most useful data is a form of first-party data called personally identifiable information (PII).

Let’s explore what personally identifiable information means, why it’s so important to marketing success, and its place in the rapidly changing regulatory landscape.

What Is Personally Identifiable Information (PII)?

Personally identifiable information (PII) is data that can be used to identify someone. It is typically actively collected, meaning the information is provided directly by the individual.

Here are several identifiers that qualify as PII-based data:

  • Name
  • Email address
  • Postal address
  • Phone number
  • Personal ID numbers (e.g., social security, passport, driver’s license, bank account)

Other personal data, such as date of birth, is not technically classified as PII as the data is not unique in isolation (e.g., multiple people have the same birthday).

Why Is PII Important in Marketing?

Since the dawn of the mail-order catalog, PII-based data has been the bedrock of data-driven marketing. That’s because it’s largely foolproof. While PII-based data changes from time to time, such as when a consumer moves or switches phone numbers, it generally provides the most reliable, consistent identifier and richest insights of any data source available.

PII-based data has increased in importance as marketers shift from marketing to approximations of people on digital channels to people-based marketing across all channels. PII-based data serves as the primary record when marketers seek to bring multiple streams of data together to track the customer journey and create more personalized omnichannel experiences. For instance, marketers can use 1st party PII-based data to build an omnichannel view of the consumer and tie it to anonymized identifiers, such as cookies and device IDs.

Because PII-based data directly identifies individuals, it is highly sensitive information and must be handled securely. Marketers must always keep data ethics and privacy compliance at the heart of all they do when using this personal data for marketing purposes.

How Does GDPR Define Personally Identifiable Information?

PII is a term specific to the United States. As regulators throughout the world bring new data privacy legislation forward, they are categorizing and defining personal information differently, requiring marketers to take a diligent approach to ensure global compliance.

This is particularly applicable to the EU’s General Data Protection Regulation (GDPR), which affects all companies processing data from EU member countries.  While PII is used broadly in the U.S., the term “personal data” is used instead in Europe. It’s also not a 1:1 comparison: As defined in GDPR, personal data covers a much larger footprint than PII-based data:

The GDPR applies to ‘personal data,’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data, or online identifier, reflecting changes in technology and the way organisations collect information about people.

Personal data per GDPR also includes identified/identifiable data (any information that could be used to identify a person, such as mobile IDs, cookies, and IP addresses) and pseudonymous data (scrambled or “hashed” identifiers that still enable some form of re-identification).

This means that even if a company does not collect PII-based data in the EU, it can still be subject to GDPR due to European regulators’ broader definition of personal data. To ensure GDPR compliance, marketers must establish formal processes to ensure they always aggregate and use personal data in an ethical way in support of delivering the best customer experience.

Learn more about the implications of GDPR and how to ensure ethical use of personal data.